HG325 takes a bottom-up approach to teach comprehensive network intrusion detection and network forensics. The cybersecurity landscape is continually changing, from perimeter protection only to protecting exposed cloud and mobile systems that are always connected and sometimes vulnerable as well. Security professionals who can help detect and mitigate intrusions are in great demand across the industry.
You will learn the in-depth theory of TCP/IP and the most used communication protocols, such as DNS and HTTP/HTTPS, so that you can intelligently examine network traffic for signs of an intrusion. You will get the chance to master a number of tools, including tcpdump, Wireshark, Snort, Zeek, tshark, and SiLK.
You will learn
- How to analyze network traffic passing through your website to avoid becoming another "Data Breach!" headline.
- How to identify malicious network activities for which no IDS/IPS has published signatures.
- How to place, customize, configure, and tune your network IDS/IPS for maximum detection.
- Hands-on threat detection, analysis, and network forensic investigation using a variety of open-source tools.
- TCP/IP and common communication protocols, to gain deep insight into your network traffic and distinguish normal from malicious traffic.
- The benefits of using signature-based detection, netflow, and hybrid traffic analysis frameworks.
You will be able to
- Configure and execute open-source Snort IDS and write Snort signatures.
- Configure and execute open-source Bro/Zeek to provide hybrid network traffic analysis.
- Understand TCP/IP component layers to identify normal and malicious traffic.
- Use open-source network packet analysis tools to identify signs of an intrusion.
- Employ network forensics to investigate network traffic to identify a possible intrusion.
- Use Wireshark to dig out malicious file attachments.
- Write tcpdump filters to examine a particular network packet.
- Craft network packets with Scapy.
- Use the network flow tool SiLK to find network anomalies.
- Use your knowledge of network design and architecture to customize placement of IDS/IPS sensors and sniff traffic off the wire.
Hands-on labs
- TCP/IP communications model
- Data encapsulation/de-encapsulation
- Discussion of bits, bytes, binary, and hex
- Introduction to Wireshark
- Examination of Wireshark statistics
- Stream reassembly
- Finding content in packets
- Introduction to 802.x link layer
- Address resolution protocol
- ARP spoofing
- IPv4 and IPv6
- Comparison with IPv4
- IPv6 in transition
- Wireshark Display Filters
- Writing BPF Filters
- TCP, UDP, ICMP
- Command Line Tools
- Packet crafting and analysis using Scapy
- Exporting web objects
- Extracting arbitrary application content
- Wireshark investigation of an incident
- Detection Methods for Application Protocols
- DNS architecture and function
- Caching
- DNSSEC
- Microsoft Protocols
- Modern HTTP and TLS
- SMTP
- IDS/IPS Evasion Theory
- Identifying Traffic of Interest
- Network Architecture
- Introduction to IDS/IPS Analysis
- Snort IDS
- Writing Snort rules
- Zeek Framework
- Zeek scripting
- Network Forensics Analysis
- Network Flow Records
- NetFlow and IPFIX metadata analysis
- Command and Control Traffic
- Analysis of Large pcaps